Review Best Practice Network Configuration

Use the Best Practice Assessment (BPA) tool to check the network configuration (GlobalProtect, Zones, etc.) to identify weaknesses to improve.
Best Practice Assessment
shows all checks for network-related configuration and begins on the
page. On the left nav, select the network check you want to review to understand the existing configuration and to identify potential gaps in best practice configuration related to Zones, GRE Tunnels, and to GlobalProtect, IPsec Crypto, Interface Management, and Zone Protection profiles. The following example shows the result for Zones.
The report shows the current configuration for each item. The best practice check results for each item appears below its current configuration. You can specify a
Device Group
to limit the scope of the information displayed.
Each check has pass/fail status and recommendations for failed best practice checks. Click help ( ) for the rationale for each check and links to best practice documentation. When one or more checks fail, the item’s title turns red.
When you review the
tab, at a minimum, review the following items to help understand the potential scope of remediation:
  • Zones
    —Whether each zone has Packet Buffer Protection enabled and has a Zone Protection profile.
  • Zone Protection
    —Whether Flood Protection and Packet-Based Attack Protection are enabled.

Recommended For You